Google Android vulnerabilities
7,234 known vulnerabilities affecting google/android.
Total CVEs: 7,234
CISA KEV: 18 (actively exploited)
Public exploits: 48
Exploited in wild: 18
Severity breakdown: CRITICAL 544, HIGH 2984, MEDIUM 3458, LOW 248
Vulnerabilities
Page 16 of 362

CVE-2025-26440 | HIGH | CVSS 7.8 | CWE-862 | v14.0, v14 | 2025-09-04
In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-48556 | HIGH | CVSS 7.3 | CWE-20 | v15.0, v16.0 +2 more | 2025-09-04
In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-48522 | HIGH | CVSS 7.8 | CWE-693 | v13.0, v14.0 +6 more | 2025-09-04
In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-32347 | HIGH | CVSS 7.8 | CWE-926 | v13.0, v14.0 +6 more | 2025-09-04
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-32327 | HIGH | CVSS 7.8 | CWE-89 | v14.0, v15.0 +2 more | 2025-09-04
In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-48532 | HIGH | CVSS 7.3 | CWE-441 | v16.0, v16 | 2025-09-04
In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-36907 | HIGH | CVSS 7.3 | CWE-122 | Android kernel | 2025-09-04
In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-26458 | HIGH | CVSS 7.8 | CWE-693 | v13.0, v14.0 +4 more | 2025-09-04
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-36898 | HIGH | CVSS 7.8 | CWE-693 | Android kernel | 2025-09-04
There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-48544 | HIGH | CVSS 7.8 | CWE-89 | v13.0, v14.0 +5 more | 2025-09-04
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-32321 | HIGH | CVSS 7.8 | CWE-441 | v13.0, v14.0 +6 more | 2025-09-04
In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-26462 | HIGH | CVSS 7.8 | CWE-269 | v13.0, v14.0 +4 more | 2025-09-04
In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-48547 | HIGH | CVSS 7.3 | CWE-862 | v13.0, v14.0 +6 more | 2025-09-04
In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-36894 | HIGH | CVSS 7.5 | CWE-476 | Android kernel | 2025-09-04
In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-26454 | HIGH | CVSS 7.8 | CWE-441 | v13.0, v14.0 +4 more | 2025-09-04
In validateUriSchemeAndPermission of DisclaimersParserImpl.java, there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-48548 | HIGH | CVSS 7.3 | CWE-362 | v13.0, v14.0 +4 more | 2025-09-04
In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-22414 | HIGH | CVSS 7.8 | CWE-862 | v13.0, v14.0 +2 more | 2025-09-04
In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-48533 | HIGH | CVSS 7.0 | CWE-362 | v13.0, v14.0 +6 more | 2025-09-04
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-48523 | HIGH | CVSS 7.8 | CWE-863 | v13.0, v14.0 +6 more | 2025-09-04
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-26430 | HIGH | CVSS 7.8 | CWE-285 | v15.0, v15 | 2025-09-04
In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd